Library and Information Service ›› 2019, Vol. 63 ›› Issue (16): 43-53. DOI: 10.13266/j.issn.0252-3116.2019.16.005
Cheng Huiping1,2, Peng Qi1
Received: 2018-10-30
Revised: 2019-02-21
Online: 2019-08-20
Published: 2019-08-20
About the authors: Cheng Huiping (ORCID: 0000-0003-4631-7997), professor, Ph.D., E-mail: chenghuiping@nwu.edu.cn; Peng Qi (ORCID: 0000-0001-5628-3482), master's student.
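Abstract: [Purpose/Significance] In recent years, technical security problems in personal cloud storage services have been common and have seriously affected users' continued use of these services. Identifying and analyzing the key factors that influence the technical security risk of using cloud storage services is of practical significance for personal cloud storage providers in delivering secure cloud storage services and improving user stickiness. [Method/Process] Based on a literature review, expert interviews, the cloud computing security report (Gartner), and cloud computing security architectures and standards (ENISA, CSA, FedRAMP, MTCS), an index system of factors influencing the technical security risk of personal cloud storage services is constructed. A direct-influence matrix among the factors in the technical security risk assessment system is obtained through an expert questionnaire survey, and the Fuzzy-DEMATEL method is used to analyze the causal relationships among the factors and their degree of importance, revealing the key factors influencing the technical security risk of personal cloud storage services. [Result/Conclusion] The key factors influencing the technical security risk of personal cloud storage services include: access control, service/account hijacking, software security risk, virtualization vulnerabilities, and data transmission security. Finally, based on the empirical findings, feasible technical recommendations are offered to personal cloud storage providers for building secure cloud storage services. This study enriches theoretical research on the security risks of personal cloud storage services and provides a practical reference for providers in safeguarding user data.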
Cheng Huiping, Peng Qi. Identification and Analysis of the Key Influencing Factors on Technical Security Risk of Personal Cloud Storage Service[J]. LIS, 2019, 63(16): 43-53.